Alexei Podtelezhnikov pushed to branch master at FreeType / FreeType
Commits:
-
22befeef
by Alexei Podtelezhnikov at 2021-10-07T22:41:56-04:00
-
0313a11c
by Alexei Podtelezhnikov at 2021-10-07T22:43:12-04:00
-
946df221
by Alexei Podtelezhnikov at 2021-10-07T22:44:53-04:00
10 changed files:
- docs/CHANGES
- include/freetype/fttypes.h
- include/freetype/internal/tttypes.h
- include/freetype/t1tables.h
- src/cff/cffgload.c
- src/cid/cidgload.c
- src/cid/cidload.c
- src/cid/cidload.h
- src/psaux/psft.c
- src/truetype/ttgload.c
Changes:
1 |
+CHANGES BETWEEN 2.11.0 and 2.11.1
|
|
2 |
+ |
|
3 |
+ I. IMPORTANT CHANGES
|
|
4 |
+ |
|
5 |
+ - Some fields in the `CID_FaceDictRec`, `CID_FaceInfoRec`, and
|
|
6 |
+ `FT_Data` structures have been changed from signed to unsigned
|
|
7 |
+ type, which better reflects the actual usage. It is also an
|
|
8 |
+ additional means to protect against malformed input.
|
|
9 |
+ |
|
10 |
+ |
|
11 |
+======================================================================
|
|
12 |
+ |
|
1 | 13 |
CHANGES BETWEEN 2.10.4 and 2.11.0
|
2 | 14 |
|
3 | 15 |
I. IMPORTANT CHANGES
|
... | ... | @@ -413,7 +413,7 @@ FT_BEGIN_HEADER |
413 | 413 |
typedef struct FT_Data_
|
414 | 414 |
{
|
415 | 415 |
const FT_Byte* pointer;
|
416 |
- FT_Int length;
|
|
416 |
+ FT_UInt length;
|
|
417 | 417 |
|
418 | 418 |
} FT_Data;
|
419 | 419 |
|
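Review bot: The `length` member of `FT_Data` (line 416) changes signedness with no comment stating what the field now promises. It appears to be filled in by incremental-interface callbacks as well as by the library (see `get_glyph_data` in src/cid/cidgload.c). A provider that previously stored a negative value to mean "no data" would now present a very large byte count, which the library uses for bounds decisions. Consider documenting the contract next to the field, for example `/* number of bytes at `pointer'; must not exceed the provider's buffer */`. The struct's documentation block lies outside this hunk and may already cover part of this.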
... | ... | @@ -1734,7 +1734,7 @@ FT_BEGIN_HEADER |
1734 | 1734 |
FT_UInt glyph_index;
|
1735 | 1735 |
|
1736 | 1736 |
FT_Stream stream;
|
1737 |
- FT_Int byte_len;
|
|
1737 |
+ FT_UInt byte_len;
|
|
1738 | 1738 |
|
1739 | 1739 |
FT_Short n_contours;
|
1740 | 1740 |
FT_BBox bbox;
|
... | ... | @@ -360,7 +360,7 @@ FT_BEGIN_HEADER |
360 | 360 |
|
361 | 361 |
FT_UInt num_subrs;
|
362 | 362 |
FT_ULong subrmap_offset;
|
363 |
- FT_Int sd_bytes;
|
|
363 |
+ FT_UInt sd_bytes;
|
|
364 | 364 |
|
365 | 365 |
} CID_FaceDictRec;
|
366 | 366 |
|
... | ... | @@ -415,8 +415,8 @@ FT_BEGIN_HEADER |
415 | 415 |
FT_ULong xuid[16];
|
416 | 416 |
|
417 | 417 |
FT_ULong cidmap_offset;
|
418 |
- FT_Int fd_bytes;
|
|
419 |
- FT_Int gd_bytes;
|
|
418 |
+ FT_UInt fd_bytes;
|
|
419 |
+ FT_UInt gd_bytes;
|
|
420 | 420 |
FT_ULong cid_count;
|
421 | 421 |
|
422 | 422 |
FT_Int num_dicts;
|
... | ... | @@ -59,7 +59,7 @@ |
59 | 59 |
|
60 | 60 |
|
61 | 61 |
*pointer = (FT_Byte*)data.pointer;
|
62 |
- *length = (FT_ULong)data.length;
|
|
62 |
+ *length = data.length;
|
|
63 | 63 |
|
64 | 64 |
return error;
|
65 | 65 |
}
|
... | ... | @@ -94,7 +94,7 @@ |
94 | 94 |
|
95 | 95 |
|
96 | 96 |
data.pointer = *pointer;
|
97 |
- data.length = (FT_Int)length;
|
|
97 |
+ data.length = (FT_UInt)length;
|
|
98 | 98 |
|
99 | 99 |
face->root.internal->incremental_interface->funcs->free_glyph_data(
|
100 | 100 |
face->root.internal->incremental_interface->object, &data );
|
... | ... | @@ -63,7 +63,7 @@ |
63 | 63 |
#endif
|
64 | 64 |
|
65 | 65 |
|
66 |
- FT_TRACE1(( "cid_load_glyph: glyph index %d\n", glyph_index ));
|
|
66 |
+ FT_TRACE1(( "cid_load_glyph: glyph index %u\n", glyph_index ));
|
|
67 | 67 |
|
68 | 68 |
#ifdef FT_CONFIG_OPTION_INCREMENTAL
|
69 | 69 |
|
... | ... | @@ -76,20 +76,17 @@ |
76 | 76 |
|
77 | 77 |
error = inc->funcs->get_glyph_data( inc->object,
|
78 | 78 |
glyph_index, &glyph_data );
|
79 |
- if ( error )
|
|
79 |
+ if ( error || glyph_data.length < cid->fd_bytes )
|
|
80 | 80 |
goto Exit;
|
81 | 81 |
|
82 | 82 |
p = (FT_Byte*)glyph_data.pointer;
|
83 |
- fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes );
|
|
83 |
+ fd_select = cid_get_offset( &p, cid->fd_bytes );
|
|
84 | 84 |
|
85 |
- if ( glyph_data.length != 0 )
|
|
86 |
- {
|
|
87 |
- glyph_length = (FT_ULong)( glyph_data.length - cid->fd_bytes );
|
|
85 |
+ glyph_length = glyph_data.length - cid->fd_bytes;
|
|
88 | 86 |
|
89 |
- if ( !FT_QALLOC( charstring, glyph_length ) )
|
|
90 |
- FT_MEM_COPY( charstring, glyph_data.pointer + cid->fd_bytes,
|
|
91 |
- glyph_length );
|
|
92 |
- }
|
|
87 |
+ if ( !FT_QALLOC( charstring, glyph_length ) )
|
|
88 |
+ FT_MEM_COPY( charstring, glyph_data.pointer + cid->fd_bytes,
|
|
89 |
+ glyph_length );
|
|
93 | 90 |
|
94 | 91 |
inc->funcs->free_glyph_data( inc->object, &glyph_data );
|
95 | 92 |
|
... | ... | @@ -104,7 +101,7 @@ |
104 | 101 |
/* For ordinary fonts read the CID font dictionary index */
|
105 | 102 |
/* and charstring offset from the CIDMap. */
|
106 | 103 |
{
|
107 |
- FT_UInt entry_len = (FT_UInt)( cid->fd_bytes + cid->gd_bytes );
|
|
104 |
+ FT_UInt entry_len = cid->fd_bytes + cid->gd_bytes;
|
|
108 | 105 |
FT_ULong off1, off2;
|
109 | 106 |
|
110 | 107 |
|
... | ... | @@ -114,10 +111,10 @@ |
114 | 111 |
goto Exit;
|
115 | 112 |
|
116 | 113 |
p = (FT_Byte*)stream->cursor;
|
117 |
- fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes );
|
|
118 |
- off1 = cid_get_offset( &p, (FT_Byte)cid->gd_bytes );
|
|
114 |
+ fd_select = cid_get_offset( &p, cid->fd_bytes );
|
|
115 |
+ off1 = cid_get_offset( &p, cid->gd_bytes );
|
|
119 | 116 |
p += cid->fd_bytes;
|
120 |
- off2 = cid_get_offset( &p, (FT_Byte)cid->gd_bytes );
|
|
117 |
+ off2 = cid_get_offset( &p, cid->gd_bytes );
|
|
121 | 118 |
FT_FRAME_EXIT();
|
122 | 119 |
|
123 | 120 |
if ( fd_select >= (FT_ULong)cid->num_dicts ||
|
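Review bot: In the incremental branch (new line 79), a buffer shorter than `cid->fd_bytes` takes `goto Exit` while `error` is still zero, and it does so before `inc->funcs->free_glyph_data` at new line 91 is reached. The length test is what keeps `cid_get_offset` and `FT_MEM_COPY` inside the provider's buffer, but as written the short-data case seems to be reported as success and the buffer is never released. Splitting the two conditions lets the short case release the data and return an error. The error code below is a suggestion, and the `Exit` label is outside the hunk, so its cleanup should be checked.

```c
      if ( error )
        goto Exit;

      /* too short to hold the FD index: release the data and fail */
      if ( glyph_data.length < cid->fd_bytes )
      {
        inc->funcs->free_glyph_data( inc->object, &glyph_data );
        error = FT_THROW( Invalid_File_Format );
        goto Exit;
      }

      /* … unchanged: fd_select, glyph_length, charstring copy … */
```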
... | ... | @@ -41,7 +41,7 @@ |
41 | 41 |
/* read a single offset */
|
42 | 42 |
FT_LOCAL_DEF( FT_ULong )
|
43 | 43 |
cid_get_offset( FT_Byte* *start,
|
44 |
- FT_Byte offsize )
|
|
44 |
+ FT_UInt offsize )
|
|
45 | 45 |
{
|
46 | 46 |
FT_ULong result;
|
47 | 47 |
FT_Byte* p = *start;
|
... | ... | @@ -275,7 +275,7 @@ |
275 | 275 |
if ( (FT_ULong)num_dicts > stream->size / 100 )
|
276 | 276 |
{
|
277 | 277 |
FT_TRACE0(( "parse_fd_array: adjusting FDArray size"
|
278 |
- " (from %ld to %ld)\n",
|
|
278 |
+ " (from %ld to %lu)\n",
|
|
279 | 279 |
num_dicts,
|
280 | 280 |
stream->size / 100 ));
|
281 | 281 |
num_dicts = (FT_Long)( stream->size / 100 );
|
... | ... | @@ -560,12 +560,12 @@ |
560 | 560 |
|
561 | 561 |
/* read the subrmap's offsets */
|
562 | 562 |
if ( FT_STREAM_SEEK( cid->data_offset + dict->subrmap_offset ) ||
|
563 |
- FT_FRAME_ENTER( ( num_subrs + 1 ) * (FT_UInt)dict->sd_bytes ) )
|
|
563 |
+ FT_FRAME_ENTER( ( num_subrs + 1 ) * dict->sd_bytes ) )
|
|
564 | 564 |
goto Fail;
|
565 | 565 |
|
566 | 566 |
p = (FT_Byte*)stream->cursor;
|
567 | 567 |
for ( count = 0; count <= num_subrs; count++ )
|
568 |
- offsets[count] = cid_get_offset( &p, (FT_Byte)dict->sd_bytes );
|
|
568 |
+ offsets[count] = cid_get_offset( &p, dict->sd_bytes );
|
|
569 | 569 |
|
570 | 570 |
FT_FRAME_EXIT();
|
571 | 571 |
|
... | ... | @@ -805,7 +805,7 @@ |
805 | 805 |
face->root.stream->size - parser->data_offset )
|
806 | 806 |
{
|
807 | 807 |
FT_TRACE0(( "cid_face_open: adjusting length of binary data\n" ));
|
808 |
- FT_TRACE0(( " (from %ld to %ld bytes)\n",
|
|
808 |
+ FT_TRACE0(( " (from %lu to %lu bytes)\n",
|
|
809 | 809 |
parser->binary_length,
|
810 | 810 |
face->root.stream->size - parser->data_offset ));
|
811 | 811 |
parser->binary_length = face->root.stream->size -
|
... | ... | @@ -833,10 +833,10 @@ |
833 | 833 |
|
834 | 834 |
/* sanity tests */
|
835 | 835 |
|
836 |
- if ( cid->fd_bytes < 0 || cid->gd_bytes < 1 )
|
|
836 |
+ if ( cid->gd_bytes == 0 )
|
|
837 | 837 |
{
|
838 | 838 |
FT_ERROR(( "cid_face_open:"
|
839 |
- " Invalid `FDBytes' or `GDBytes' value\n" ));
|
|
839 |
+ " Invalid `GDBytes' value\n" ));
|
|
840 | 840 |
error = FT_THROW( Invalid_File_Format );
|
841 | 841 |
goto Exit;
|
842 | 842 |
}
|
... | ... | @@ -853,7 +853,7 @@ |
853 | 853 |
}
|
854 | 854 |
|
855 | 855 |
binary_length = face->cid_stream->size - cid->data_offset;
|
856 |
- entry_len = (FT_ULong)( cid->fd_bytes + cid->gd_bytes );
|
|
856 |
+ entry_len = cid->fd_bytes + cid->gd_bytes;
|
|
857 | 857 |
|
858 | 858 |
for ( n = 0; n < cid->num_dicts; n++ )
|
859 | 859 |
{
|
... | ... | @@ -879,8 +879,7 @@ |
879 | 879 |
dict->private_dict.blue_fuzz = 1;
|
880 | 880 |
}
|
881 | 881 |
|
882 |
- if ( dict->sd_bytes < 0 ||
|
|
883 |
- ( dict->num_subrs && dict->sd_bytes < 1 ) )
|
|
882 |
+ if ( dict->num_subrs && dict->sd_bytes == 0 )
|
|
884 | 883 |
{
|
885 | 884 |
FT_ERROR(( "cid_face_open: Invalid `SDBytes' value\n" ));
|
886 | 885 |
error = FT_THROW( Invalid_File_Format );
|
... | ... | @@ -903,11 +902,10 @@ |
903 | 902 |
goto Exit;
|
904 | 903 |
}
|
905 | 904 |
|
906 |
- /* `num_subrs' is scanned as a signed integer */
|
|
907 |
- if ( (FT_Int)dict->num_subrs < 0 ||
|
|
908 |
- ( dict->sd_bytes &&
|
|
909 |
- dict->num_subrs > ( binary_length - dict->subrmap_offset ) /
|
|
910 |
- (FT_UInt)dict->sd_bytes ) )
|
|
905 |
+ /* The first condition prevents the multiplication overflow */
|
|
906 |
+ if ( dict->num_subrs > UINT_MAX / 4 ||
|
|
907 |
+ dict->num_subrs * dict->sd_bytes >
|
|
908 |
+ binary_length - dict->subrmap_offset )
|
|
911 | 909 |
{
|
912 | 910 |
FT_ERROR(( "cid_face_open: Invalid `SubrCount' value\n" ));
|
913 | 911 |
error = FT_THROW( Invalid_File_Format );
|
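Review bot: The overflow guard at new lines 905-908 is only sound if `dict->sd_bytes` is at most 4, and no visible hunk establishes that upper bound now that the field is unsigned and the `< 0` tests are removed. The same dependency applies to `cid_get_offset`, whose `offsize` widens from `FT_Byte` to `FT_UInt` at line 44. Callers no longer truncate to a byte, so the read length relies entirely on `fd_bytes`, `gd_bytes` and `sd_bytes` having been range-checked after parsing. If those checks exist in the lines between the hunks, the comment should name them, e.g. `/* `sd_bytes' <= 4 was checked above, so this bound prevents the multiplication overflow */`. If they do not, an upper bound belongs beside the `cid->gd_bytes == 0` test at new line 836. Separately, the frame at line 563 is sized from `num_subrs + 1` entries while this check validates `num_subrs` entries.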
... | ... | @@ -37,7 +37,7 @@ FT_BEGIN_HEADER |
37 | 37 |
|
38 | 38 |
FT_LOCAL( FT_ULong )
|
39 | 39 |
cid_get_offset( FT_Byte** start,
|
40 |
- FT_Byte offsize );
|
|
40 |
+ FT_UInt offsize );
|
|
41 | 41 |
|
42 | 42 |
FT_LOCAL( FT_Error )
|
43 | 43 |
cid_face_open( CID_Face face,
|
... | ... | @@ -742,13 +742,13 @@ |
742 | 742 |
/* For ordinary fonts get the character data stored in the face record. */
|
743 | 743 |
{
|
744 | 744 |
glyph_data.pointer = type1->charstrings[glyph_index];
|
745 |
- glyph_data.length = (FT_Int)type1->charstrings_len[glyph_index];
|
|
745 |
+ glyph_data.length = type1->charstrings_len[glyph_index];
|
|
746 | 746 |
}
|
747 | 747 |
|
748 | 748 |
if ( !error )
|
749 | 749 |
{
|
750 | 750 |
FT_Byte* charstring_base = (FT_Byte*)glyph_data.pointer;
|
751 |
- FT_ULong charstring_len = (FT_ULong)glyph_data.length;
|
|
751 |
+ FT_ULong charstring_len = glyph_data.length;
|
|
752 | 752 |
|
753 | 753 |
|
754 | 754 |
FT_ASSERT( charstring_base + charstring_len >= charstring_base );
|
... | ... | @@ -778,7 +778,7 @@ |
778 | 778 |
face = (T1_Face)decoder->builder.face;
|
779 | 779 |
|
780 | 780 |
data.pointer = buf->start;
|
781 |
- data.length = (FT_Int)( buf->end - buf->start );
|
|
781 |
+ data.length = (FT_UInt)( buf->end - buf->start );
|
|
782 | 782 |
|
783 | 783 |
if ( face->root.internal->incremental_interface )
|
784 | 784 |
face->root.internal->incremental_interface->funcs->free_glyph_data(
|
... | ... | @@ -1392,7 +1392,7 @@ |
1392 | 1392 |
FT_READ_USHORT( n_ins ) )
|
1393 | 1393 |
return error;
|
1394 | 1394 |
|
1395 |
- FT_TRACE5(( " Instructions size = %d\n", n_ins ));
|
|
1395 |
+ FT_TRACE5(( " Instructions size = %hu\n", n_ins ));
|
|
1396 | 1396 |
|
1397 | 1397 |
/* check it */
|
1398 | 1398 |
max_ins = loader->face->max_profile.maxSizeOfInstructions;
|
... | ... | @@ -1400,10 +1400,10 @@ |
1400 | 1400 |
{
|
1401 | 1401 |
/* don't trust `maxSizeOfInstructions'; */
|
1402 | 1402 |
/* only do a rough safety check */
|
1403 |
- if ( (FT_Int)n_ins > loader->byte_len )
|
|
1403 |
+ if ( n_ins > loader->byte_len )
|
|
1404 | 1404 |
{
|
1405 | 1405 |
FT_TRACE1(( "TT_Process_Composite_Glyph:"
|
1406 |
- " too many instructions (%d) for glyph with length %d\n",
|
|
1406 |
+ " too many instructions (%hu) for glyph with length %u\n",
|
|
1407 | 1407 |
n_ins, loader->byte_len ));
|
1408 | 1408 |
return FT_THROW( Too_Many_Hints );
|
1409 | 1409 |
}
|
... | ... | @@ -1686,7 +1686,7 @@ |
1686 | 1686 |
FT_ZERO( &inc_stream );
|
1687 | 1687 |
FT_Stream_OpenMemory( &inc_stream,
|
1688 | 1688 |
glyph_data.pointer,
|
1689 |
- (FT_ULong)glyph_data.length );
|
|
1689 |
+ glyph_data.length );
|
|
1690 | 1690 |
|
1691 | 1691 |
loader->stream = &inc_stream;
|
1692 | 1692 |
}
|
... | ... | @@ -1694,8 +1694,7 @@ |
1694 | 1694 |
|
1695 | 1695 |
#endif /* FT_CONFIG_OPTION_INCREMENTAL */
|
1696 | 1696 |
|
1697 |
- offset = tt_face_get_location( face, glyph_index,
|
|
1698 |
- (FT_UInt*)&loader->byte_len );
|
|
1697 |
+ offset = tt_face_get_location( face, glyph_index, &loader->byte_len );
|
|
1699 | 1698 |
|
1700 | 1699 |
if ( loader->byte_len > 0 )
|
1701 | 1700 |
{
|
... | ... | @@ -1714,7 +1713,7 @@ |
1714 | 1713 |
|
1715 | 1714 |
error = face->access_glyph_frame( loader, glyph_index,
|
1716 | 1715 |
face->glyf_offset + offset,
|
1717 |
- (FT_UInt)loader->byte_len );
|
|
1716 |
+ loader->byte_len );
|
|
1718 | 1717 |
if ( error )
|
1719 | 1718 |
goto Exit;
|
1720 | 1719 |
|
... | ... | @@ -1849,7 +1848,7 @@ |
1849 | 1848 |
/* (which consists of 10 bytes) */
|
1850 | 1849 |
error = face->access_glyph_frame( loader, glyph_index,
|
1851 | 1850 |
face->glyf_offset + offset + 10,
|
1852 |
- (FT_UInt)loader->byte_len - 10 );
|
|
1851 |
+ loader->byte_len - 10 );
|
|
1853 | 1852 |
if ( error )
|
1854 | 1853 |
goto Exit;
|
1855 | 1854 |
|
... | ... | @@ -2105,7 +2104,7 @@ |
2105 | 2104 |
FT_UInt num_base_subgs = gloader->base.num_subglyphs;
|
2106 | 2105 |
|
2107 | 2106 |
FT_Stream old_stream = loader->stream;
|
2108 |
- FT_Int old_byte_len = loader->byte_len;
|
|
2107 |
+ FT_UInt old_byte_len = loader->byte_len;
|
|
2109 | 2108 |
|
2110 | 2109 |
|
2111 | 2110 |
FT_GlyphLoader_Add( gloader );
|
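Review bot: At new line 1851, `loader->byte_len - 10` is plain unsigned arithmetic, so a glyph record shorter than the 10-byte header wraps to a very large frame length instead of going negative. The old `(FT_UInt)` cast wrapped the same way, so this is not a regression, but with the cast gone nothing at the call site signals the hazard. The enclosing function starts and ends outside the hunk, so an earlier `byte_len >= 10` check may exist. If it does not, guard the call with something like `if ( loader->byte_len < 10 ) { error = FT_THROW( Invalid_Outline ); goto Exit; }`. Otherwise add a comment naming where the length was validated.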